示例#1
0
 def get(self, path):
     if not path:
         path = "."
     if path.startswith("/"):
         self.write("Only relative paths are allowed")
         self.set_status(403)
         self.finish()
         return
     t = Template(get_asset("browse.html"))
     args = dict(path=path,
                 listing=utils.get_listing(path),
                 format_prefix=utils.format_prefix,
                 stat=stat,
                 get_stat=utils.get_stat,
                 os=os,
                 css=get_asset("bootstrap.css"))
     self.write(t.generate(**args))
     self.finish()
示例#2
0
文件: main.py 项目: XBurnerAir/heron
 def get(self, path):
     if not path:
         path = "."
     if path.startswith("/"):
         self.write("Only relative paths are allowed")
         self.set_status(403)
         self.finish()
         return
     t = Template(get_asset("browse.html"))
     args = dict(
         path=path,
         listing=utils.get_listing(path),
         format_prefix=utils.format_prefix,
         stat=stat,
         get_stat=utils.get_stat,
         os=os,
         css=get_asset("bootstrap.css"),
     )
     self.write(t.generate(**args))
     self.finish()
示例#3
0
    def get(self, path):
        ''' get method '''
        path = tornado.escape.url_unescape(path)
        if not path:
            path = "."

        # User should not be able to access anything outside
        # of the dir that heron-shell is running in. This ensures
        # sandboxing. So we don't allow absolute paths and parent
        # accessing.
        if not utils.check_path(path):
            self.write("Only relative paths are allowed")
            self.set_status(403)
            self.finish()
            return

        listing = utils.get_listing(path)
        file_stats = {}
        for fn in listing:
            try:
                is_dir = False
                formatted_stat = utils.format_prefix(fn,
                                                     utils.get_stat(path, fn))
                if stat.S_ISDIR(utils.get_stat(path, fn).st_mode):
                    is_dir = True
                file_stats[fn] = {
                    "formatted_stat": formatted_stat,
                    "is_dir": is_dir,
                    "path": tornado.escape.url_escape(os.path.join(path, fn)),
                }
                if fn == "..":
                    path_fragments = path.split("/")
                    if not path_fragments:
                        file_stats[fn]["path"] = "."
                    else:
                        file_stats[fn]["path"] = tornado.escape.url_escape(
                            "/".join(path_fragments[:-1]))
            except:
                continue
        self.write(json.dumps(file_stats))
        self.finish()
示例#4
0
  async def get(self, path):
    ''' get method '''
    if not path:
      path = "."

    if not utils.check_path(path):
      self.set_status(403)
      await self.finish("Only relative paths are allowed")
      return

    t = Template(utils.get_asset("browse.html"))
    args = dict(
        path=path,
        listing=utils.get_listing(path),
        format_prefix=utils.format_prefix,
        stat=stat,
        get_stat=utils.get_stat,
        os=os,
        css=utils.get_asset("bootstrap.css")
    )
    await self.finish(t.generate(**args))
示例#5
0
  def get(self, path):
    ''' get method '''
    path = tornado.escape.url_unescape(path)
    if not path:
      path = "."

    # User should not be able to access anything outside
    # of the dir that heron-shell is running in. This ensures
    # sandboxing. So we don't allow absolute paths and parent
    # accessing.
    if path.startswith("/") or ".." in path:
      self.write("Only relative paths inside job dir are allowed")
      self.set_status(403)
      self.finish()
      return
    listing = utils.get_listing(path)
    file_stats = {}
    for fn in listing:
      try:
        is_dir = False
        formatted_stat = utils.format_prefix(fn, utils.get_stat(path, fn))
        if stat.S_ISDIR(utils.get_stat(path, fn).st_mode):
          is_dir = True
        file_stats[fn] = {
            "formatted_stat": formatted_stat,
            "is_dir": is_dir,
            "path": tornado.escape.url_escape(os.path.join(path, fn)),
        }
        if fn == "..":
          path_fragments = path.split("/")
          if not path_fragments:
            file_stats[fn]["path"] = "."
          else:
            file_stats[fn]["path"] = tornado.escape.url_escape("/".join(path_fragments[:-1]))
      except:
        continue
    self.write(json.dumps(file_stats))
    self.finish()